Penetration Testing mailing list archives
Re: Core Impact
From: Daniel Miessler <daniel () dmiessler com>
Date: Thu, 23 Jun 2005 23:40:06 -0400
On Jun 21, 2005, at 12:27 PM, securityfocus () benmansour net wrote:
You might also want to look at the following open source project : Metasploit http://www.metasploit.com/"The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code."Except for the GUI, it offers comparable functionality and a broad choice of exploits.
Actually, while I think Metasploit is an impressive framework and use it often, it lacks a main feature that IMPACT has. Namely, IMPACT is able to do something they call "pivoting". This allows a tester to select an exploit in the GUI, launch it, and then upload the IMPACT agent to the newly compromised system.
From there, you now have the same GUI from which you can re-scan and exploit from that vantage point; rinse and repeat. In my view, this is what sets this tool apart from the others.
Of course, this isn't a replacement for a truly skilled pentester in complex situations, but when the network is full of three year old vulnerabilities and you're trying to make a point to a client's management, it's quite effective.
-- Daniel R. Miessler M: daniel () dmiessler com W: http://dmiessler.com G: 0x316BC712
Attachment:
PGP.sig
Description: This is a digitally signed message part
Current thread:
- Core Impact Security Professional (Jun 21)
- Re: Core Impact Chris Raymond (Jun 21)
- RE: Core Impact boxerb (Jun 21)
- Re: Core Impact David Eduardo Acosta RodrÃguez (Jun 21)
- Re: Core Impact paul dansing (Jun 22)
- <Possible follow-ups>
- Re: Core Impact securityfocus (Jun 21)
- Re: Core Impact Daniel Miessler (Jun 24)
- Re: Core Impact Daniele Milan (Jun 24)
- Re: Core Impact Chris Byrd (Jun 24)
- Re: Core Impact nick johnson (Jun 24)
- Re: Core Impact Daniel Miessler (Jun 24)
- RE: Core Impact Andre Protas (Jun 21)
- Re: Core Impact Christoph Puppe (Jun 22)
- Core Impact Security Professional (Jun 23)